package org.h.aibuildplatform.config;

import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;



@Configuration
public class WebSecurityConfig{
    // @Resource
    // private LoginSuccessHandler loginSuccessHandler;


    // @Resource
    // private LoginFailureHandler loginFailureHandler;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // 默认强度=10
    }
    @Bean
    WebSecurityCustomizer webSecurityCustomizer() {
        return new WebSecurityCustomizer() {
            @Override
            public void customize(WebSecurity web) {
                web.ignoring().requestMatchers("/hello");
            }
        };
    }



   /* @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }*/

    /*@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                //在AnonymousAuthenticationFilter之前添加自定义过滤器
                // .addFilterBefore(checkTokenFilter, AnonymousAuthenticationFilter.class)
                .formLogin()
                //登录请求
                .loginProcessingUrl("/user/login")
                //登录成功处理器
                .successHandler(loginSuccessHandler)
                //登录失败处理器
                .failureHandler(loginFailureHandler)
                .and()
                .authorizeRequests()
                .antMatchers("/user/login","/index.html","/1.txt")
                .permitAll()
                .antMatchers("/r/r1").hasAuthority("p1")
                .antMatchers("/r/r2").hasAuthority("p2")
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
        ;
                // 开始对安全框架抛出的异常进行自定义处理的配置入口  设置一个自定义的认证入口点，用于在用户未登录（未认证）时访问受保护资源的情况下，返回自定义的未认证响应。 会调用 CustomAuthenticationEntryPoint 类中的逻辑。
                // 设置一个自定义的访问拒绝处理器，用于处理已认证用户但没有足够权限访问某个资源的情况。
                // .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint()).accessDeniedHandler(new AccessFailedStrategy());


    }*/

}
